<?php
apf_require_controller("Abstract");
apf_require_class("Util_Tools");
apf_require_class("Bll_Flow_UserSecurityKey");
apf_require_class("Security_Api_Crypt_key");
apf_require_class("Const_Tip");
class Ajax_CheckSecurityController extends AbstractController {

    public function handle_request() {

        $params = $this->request->get_parameters();
        $this->api_crypt = Security_Api_Crypt_key::get_instance();
        $this->_check_params($params);

        $status = $this->verify_key($params['pwd']);
        $msg = $status ? "验证成功！":"安全验证失败！";
        $this->json_encode($status,$msg);
        exit;
    }

    private function verify_key($key) {
        $result = 0;
        if(empty($key)) {return $result;}

        $user_id = $this->get_user_id();
        $bll_key = new Bll_Flow_UserSecurityKey();
        $info = $bll_key->get_user_miwen($user_id);

        if(!empty($info['user_id'])) {
            $system_key = $this->api_crypt->decrypt($info['security_key'], $key);
            $_SESSION['system_sa'] = $system_key;

            if($system_key == $bll_key->get_system_key()) {
                $_SESSION['user_security_enable'] = '1';
                $result = 1;
            }else {
                $_SESSION['user_security_enable'] = '0';
                $result = 0;
            }

        }
        return $result;
    }

    /**
     * 参数检测
     */
    private function _check_params($params){
        #1.验证参数是否完整
        if(empty($params['pwd'])) {
            $this->json_encode(0,Const_Tip::ERROR_USER_SEC_KEY_EMPTY);
        }
    }
}